Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors | Products |
---|---|
Microsoft |
|
Htmlpurifier |
|
Configuration 1 [-]
AND |
|
References
Link | Resource |
---|---|
http://htmlpurifier.org/news/2010/0915-4.2.0-released | Vendor Advisory |
http://htmlpurifier.org/security/2010/css-quoting |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:21:05
Updated: 2022-10-03T16:21:05
Reserved: 2022-10-03T00:00:00
Link: CVE-2010-4183
JSON object: View
NVD Information
Status : Analyzed
Published: 2010-11-05T17:00:03.203
Modified: 2021-07-23T15:12:10.537
Link: CVE-2010-4183
JSON object: View
Redhat Information
No data.
CWE